[systemd-devel] certificate and trust store feature for systemd
Thomas Haller
thaller at redhat.com
Thu May 26 10:27:15 UTC 2022
On Thu, 2022-05-26 at 12:42 +0300, Mantas Mikulėnas wrote:
> On Wed, May 25, 2022 at 4:28 PM SCOTT FIELDS
> <Scott.Fields at kyndryl.com> wrote:
> > I apologize for the very general inquiry.
> >
> > Are there any plans to have system natively support its own trust
> > store for items like CAs, x509 certs, passwords & truststores akin
> > to the keychain in Windows and OS X?
> >
> > I still find the management of PKIs in /etc/pki to be problematic.
> >
> > Having this available as a core service within systemd using like
> > APIs either in (mostly deprecated) CAPI or the new CNG
> >
>
>
> This sounds more like the area of p11-kit, rather than systemd.
>
Hi,
I also think that this is an area that is lacking on Linux.
For NetworkManager, the plan was something like
https://wiki.gnome.org/Projects/NetworkManager/PKCS11
Related also:
https://wiki.gnome.org/LubomirRintel/NMPkcs11
(of course, this is not supposed to be NetworkManager-specific).
More work is needed.
best,
Thomas
More information about the systemd-devel
mailing list